<?php namespace App\Http\Middleware;

use Closure;

class CORS{
    public function handle($request,Closure $next){
      $response = $next($request);
      $response->header('Access-Control-Allow-Origin', config('app.allow'));
      $response->header('Access-Control-Allow-Headers', 'Origin, Content-Type, Cookie, Accept, X-Requested-With');
      $response->header('Access-Control-Allow-Methods', 'GET, POST, PATCH, PUT, OPTIONS');
      $response->header('Access-Control-Max-Age', 1728000);
      $response->header('Access-Control-Allow-Credentials', 'true');
      return $response;
   }
}